Some devices can't be pinged across site-to-site VPN

Nicholaswc19
Level 1

I set up a site-to-site VPN with 2 RV340 routers. One side uses a static IP and the other side uses a dynamic IP. After the VPN was established, I can ping 2 routers (192.168.0.8 and 192.168.0.2) in the HQ site from the remote site (192.168.25.1), but the server (192.168.0.36) can't be pinged. I don't know what's wrong. Can anybody help?

 

 

Thanks,

Nicholas

12 Replies

Deepak Kumar
VIP Alumni

Hi,

What is the default gateway on the server? Is ICMP allowed on the system firewall? Are you able to ping the remote site IP from the server itself?

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

I can ping 192.168.0.8 and 192.168.0.2 from the remote site computer 192.168.25.11. I set ip router 192.168.25.0 255.255.255.0 192.168.0.17 on 192.168.0.8 (netscreen router) and 192.168.0.2 (Cisco router). The gateway for 192.168.0.36 is 192.168.0.2. The gateway for 192.168.25.11 is 192.168.25.1. 192.168.0.36 can ping 192.168.25.11. I set up the site-to-site VPN following the Cisco manual, with no additional settings.

Seb Rupik
VIP Alumni

Hi there,

Assuming ICMP is permitted on the server, check that the rule will permit a response to non-local subnets (i.e., not 192.168.0.0/24).

 

cheers,

Seb.

The server is only a Windows server. It can't be set to restrict responses to non-local devices. I used tracert 192.168.0.36. The result is 192.168.25.1-->192.168.0.17, then it stopped.

192.168.25.1-->192.168.0.17

 

This proves either you have some policies dropping at FW side.

 

From 192.168.0.17, are you able to ping 192.168.0.36?

How about pinging from 192.168.0.36 to the other side?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, 192.168.0.36 and 192.168.0.17 can ping each other. 

192.168.0.2 is a Cisco router. 192.168.0.8 is a netscreen router. Computers with 192.168.0.8 set as gateway can be pinged from subnet 192.168.25.0. Others can't be pinged if the gateway is set to 192.168.0.2. I think this issue is caused by the Cisco. I'm just investigating that router but don't know why. I will post the result if I get it.

 

 

Regards,

Nicholas 

In this case, are you able to ping from 192.168.0.2 (the Cisco router)? If yes, post the config of 192.168.0.2 (the Cisco router).

BB


Building configuration...

Current configuration : 7023 bytes
!
! Last configuration change at 11:38:37 HKG Thu Apr 11 2019
! NVRAM config last updated at 11:38:44 HKG Thu Apr 11 2019
!
version 12.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname XXX-DG-3640
!
boot-start-marker
boot system flash flash:c3640-is-mz.123-13a.bin
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$35D8$j.Wqh5PUeh03e3Qh4FBhq/
enable password 7 00071A150754
!
clock timezone HKG 8
voice-card 1
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
vty-async
!
!
voice call send-alert
!
voice class codec 90
codec preference 1 g723ar53 bytes 60
codec preference 3 g723r53 bytes 60
codec preference 5 g723ar63 bytes 48
codec preference 7 g723r63 bytes 48
codec preference 9 g729br8 bytes 50
codec preference 11 g729r8 bytes 50
codec preference 13 gsmefr bytes 64
!
!
!
!
!
!
!
!
!
!
!
controller E1 1/0
framing NO-CRC4
ds0-group 0 timeslots 1-15,17-24 type e&m-immediate-start
!
class-map match-all voice-signaling
match access-group 111
class-map match-all voice-traffic
match access-group 110
!
!
policy-map voice-policy
class voice-traffic
priority 432
class voice-signaling
bandwidth 432
class class-default
fair-queue
!
!
!
!
interface FastEthernet2/0
ip address 192.168.0.2 255.255.255.0
ip access-group 109 in
ip helper-address 10.10.2.11
ip accounting output-packets
ip route-cache flow
ip policy route-map hkinternet
speed 100
full-duplex
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.9
ip route 10.10.1.0 255.255.255.0 10.128.7.1
ip route 10.10.2.0 255.255.255.0 192.168.0.8
ip route 10.10.2.11 255.255.255.255 192.168.0.8
ip route 10.10.4.0 255.255.255.0 192.168.0.8
ip route 10.10.11.0 255.255.255.0 10.128.7.1
ip route 10.128.5.0 255.255.255.0 192.168.0.8
ip route 10.128.9.0 255.255.255.0 192.168.0.10
ip route 10.128.11.0 255.255.255.0 192.168.0.11
ip route 10.128.12.0 255.255.255.0 192.168.0.9
ip route 10.128.13.0 255.255.255.0 192.168.0.10
ip route 10.128.15.0 255.255.255.0 192.168.0.12
ip route 192.168.25.0 255.255.255.0 192.168.0.8
ip route 10.128.28.0 255.255.255.0 192.168.0.8
ip route 10.128.68.0 255.255.255.0 10.128.7.1
ip route 10.128.128.0 255.255.255.0 192.168.0.8
!
!
no logging trap
access-list 101 permit udp any eq bootpc host 255.255.255.255
access-list 101 permit udp any eq bootps host 255.255.255.255
access-list 101 permit udp any host 255.255.255.255 eq bootpc
access-list 101 permit udp any host 255.255.255.255 eq bootps
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
access-list 104 permit ip host 192.168.0.2 host 10.128.13.128
access-list 104 permit ip host 192.168.0.11 host 10.128.13.128
access-list 104 permit ip host 192.168.0.10 host 10.128.13.128
access-list 104 deny ip 10.0.0.0 0.0.0.255 host 10.128.13.128
access-list 104 permit ip any host 10.128.13.128
access-list 104 permit ip any host 10.10.2.29
access-list 104 permit ip any host 10.10.2.9
access-list 104 permit ip any host 10.10.2.28
access-list 104 permit ip host 192.168.0.33 any
access-list 104 permit ip host 192.168.0.34 any
access-list 104 permit ip host 192.168.0.35 any
access-list 104 permit ip host 192.168.0.36 any
access-list 104 permit ip host 192.168.0.37 any
access-list 104 permit ip host 192.168.0.38 any
access-list 104 deny ip any 10.10.10.0 0.0.0.255
access-list 104 deny ip any 10.10.30.0 0.0.0.255
access-list 104 permit ip 10.128.0.0 0.0.255.255 any
access-list 106 permit ip host 10.10.2.29 any
access-list 107 permit ip host 192.168.0.103 any
access-list 107 permit ip host 192.168.0.30 any
access-list 107 permit ip host 192.168.0.31 any
access-list 107 permit ip host 192.168.0.32 any
access-list 107 permit ip host 192.168.0.33 any
access-list 107 permit ip host 192.168.0.34 any
access-list 107 permit ip host 192.168.0.35 any
access-list 107 permit ip host 192.168.0.36 any
access-list 107 permit ip host 192.168.0.38 any
access-list 107 permit ip host 192.168.0.50 any
access-list 107 permit ip host 10.128.13.131 any
access-list 107 permit ip host 192.168.0.40 any
access-list 107 permit ip host 10.128.13.129 any
access-list 107 permit ip host 192.168.0.11 any
access-list 108 permit ip host 192.168.0.2 host 10.128.13.128
access-list 108 permit ip host 192.168.0.11 host 10.128.13.128
access-list 108 permit ip host 192.168.0.10 host 10.128.13.128
access-list 108 deny ip 10.128.0.0 0.0.255.255 host 10.128.13.128
access-list 108 permit ip any any
access-list 109 permit ip host 192.168.0.10 10.128.13.128 0.0.0.7
access-list 109 permit ip host 192.168.0.2 10.128.13.128 0.0.0.7
access-list 109 permit ip host 10.10.2.18 10.128.13.128 0.0.0.7
access-list 109 permit ip host 10.10.2.24 10.128.13.128 0.0.0.7
access-list 109 deny ip 10.0.0.0 0.255.255.255 10.128.13.128 0.0.0.7
access-list 109 permit ip any any
access-list 110 permit udp any any range 16384 37276
access-list 111 permit tcp any eq 1720 any
access-list 111 permit tcp any any eq 1720
!
route-map hkinternet permit 11
match ip address 107
set ip default next-hop 10.128.7.1
!
route-map ssl permit 10
match ip address 106
set ip default next-hop 192.168.0.11
!
snmp-server community public RW
snmp-server enable traps tty
!
voice-port 1/0:0
define Tx-bits idle 1001
define Tx-bits seize 0001
define Rx-bits idle 1001
define Rx-bits seize 0001
timeouts wait-release 20
!
!
!
!
dial-peer cor custom
!
!
dial-peer cor list name
!
!
dial-peer voice 461 voip
destination-pattern 461..
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 462 voip
destination-pattern 462..
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 463 voip
destination-pattern 463..
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 469 voip
destination-pattern 469........
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 460 voip
destination-pattern 460
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 411 pots
destination-pattern 411..
port 1/0:0
prefix 1
!
dial-peer voice 412 pots
destination-pattern 412..
port 1/0:0
prefix 2
!
dial-peer voice 413 pots
destination-pattern 413..
port 1/0:0
prefix 3
!
dial-peer voice 410 pots
destination-pattern 410
port 1/0:0
prefix 0
!
dial-peer voice 489 voip
destination-pattern 489T
voice-class codec 90
session target ipv4:10.10.2.11
dtmf-relay h245-alphanumeric
ip qos dscp cs5 media
!
dial-peer voice 4194 pots
destination-pattern 419429T
port 1/0:0
prefix 9
!
dial-peer voice 4633 voip
!
gateway
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 2100 0
password 7 045802150C2E
logging synchronous
login
!
ntp clock-period 17179740
ntp server 202.123.165.147
!
end

In 192.168.0.2, if I set ip route 192.168.25.0 255.255.255.0 192.168.0.8, I can't ping 192.168.0.2 from the remote site. If I change it to ip route 192.168.25.0 255.255.255.0 192.168.0.2, then I can ping these 2 routers. All PCs/servers with the gateway set to 192.168.0.2 can't be pinged from the remote site. Gateway set to 192.168.0.8 is OK.

There will be two reasons.

1. Something is blocking on the firewall, so can you check any ACL applied on the router; inspection may also drop the ICMP.

2. Did you disable the Windows firewall and test it?

One question: why do both routers have the server address as default gateway? Is there any special service on the server which is not mentioned in this diagram?

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
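
An added example, not part of the thread or any poster's code: a Python check that replays the echo reply from 192.168.0.36 to 192.168.25.11 against a subset of lines copied from the config posted above, reporting which static route and which ACL 109 entry it hits on 192.168.0.2. It only understands `ip route` lines and `ip` entries of extended ACLs; the function names are made up for this sketch.

```python
import ipaddress

# Subset of lines copied from the config posted in the thread (router 192.168.0.2).
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.0.9
ip route 192.168.25.0 255.255.255.0 192.168.0.8
access-list 109 permit ip host 192.168.0.2 10.128.13.128 0.0.0.7
access-list 109 permit ip host 10.10.2.18 10.128.13.128 0.0.0.7
access-list 109 deny ip 10.0.0.0 0.255.255.255 10.128.13.128 0.0.0.7
access-list 109 permit ip any any
"""

def next_hop(config, dst):
    """Longest-prefix match over 'ip route' lines; returns the next-hop string or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for line in config.splitlines():
        f = line.split()
        if f[:2] != ["ip", "route"] or len(f) < 5:
            continue
        net = ipaddress.ip_network(f"{f[2]}/{f[3]}")
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, f[4])
    return best[1] if best else None

def _take(tokens):
    """Consume one address spec (any | host A | A WILDCARD); returns ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.ip_address(tokens[1])), 0), tokens[2:]
    addr, wild = (int(ipaddress.ip_address(t)) for t in tokens[:2])
    return (addr, wild), tokens[2:]

def _match(spec, ip):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(ip)) | wild) == (addr | wild)

def acl_verdict(config, acl_id, src, dst):
    """First-match evaluation of the 'ip' entries of one extended ACL; implicit deny last."""
    for line in config.splitlines():
        f = line.split()
        if f[:2] != ["access-list", str(acl_id)] or f[3] != "ip":
            continue
        s, rest = _take(f[4:])
        d, _ = _take(rest)
        if _match(s, src) and _match(d, dst):
            return f[2]
    return "deny"
```

With the posted lines, ACL 109 permits the reply inbound on FastEthernet2/0, and the static route hands it to 192.168.0.8 rather than to 192.168.0.17, so the reply does not retrace the path the tracert shows for the request.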

joseph.h.nguyen
Level 1

Is there a switch between your rv340 and the other endpoints?  It is not depicted on your diagram and I don't want to assume.

The RV340 and the other routers and servers are plugged into the same switch.